Hi all,
I have been using jordemort/traefik-forward-auth for protecting my applications with SSO with great success. Up until this point, all protections have been application-wide. But now, I'm looking to host a small wordpress site behind Traefik and am wondering how I can approach this.
Behavior I want:
- The Wordpress site should be visible at
example.comandwww.example.com - The admin panel should be reachable from
wp.example.com(can simply redirect to wp-login) - The path prefixes
/wp-login.php/adminand/wp-adminshould be inaccessible from any domain other thanwp.example.com - I want
wp.example.comto be protected by my SSO forward-auth middleware so you can't even reach the admin login page without first authenticating via SSO (this will ensure my AAD "Wordpress Managers" group is the only one with users who can access it)
How can I best approach this?
Following this approach, it looks like I can protect those specific routes with any middleware, but ideally, you wouldn't be able to see www.example.com/wp-admin at all and MUST use wp.example.com/wp-admin in order to administer it: